added removal of expired sessions on check for valid session

This commit is contained in:
Matthias Kalb 2018-10-26 19:04:49 +02:00
parent aed65dc228
commit 8f1829e3f1

View file

@ -3,6 +3,9 @@
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
if(!(preg_match("/error.+/", $_SERVER["REQUEST_URI"]))) if(!(preg_match("/error.+/", $_SERVER["REQUEST_URI"])))
{ {
# clear expired sessions from the database
$mysqli->query('DELETE FROM `sessions` WHERE `expires` < NOW();');
$result = $mysqli->query('SELECT * FROM `sessions` WHERE `session_id` = \''.$_COOKIE["token"].'\';'); $result = $mysqli->query('SELECT * FROM `sessions` WHERE `session_id` = \''.$_COOKIE["token"].'\';');
if($result->num_rows == 0 && (!(in_array("site", array_keys($_GET))) || $_GET["site"]!="login")) if($result->num_rows == 0 && (!(in_array("site", array_keys($_GET))) || $_GET["site"]!="login"))